codespell

Author: mamico

.meta.toml

@@ -6,7 +6,7 @@ template = "default"
 commit-id = "71d0218b"
 
 [pyproject]
-codespell_skip = "*.min.js"
+codespell_skip = "*.min.js,*.ldif"
 codespell_ignores = "vew"
 dependencies_mappings = [
   "pytest-plone = ['pytest', 'plone.testing', 'plone.app.testing']",

pyproject.toml

@@ -74,7 +74,7 @@ target-version = ["py38"]
 
 [tool.codespell]
 ignore-words-list = "discreet,vew"
-skip = "*.po,*.min.js"
+skip = "*.po,*.min.js,*.ldif"
 ##
 # Add extra configuration options in .meta.toml:
 #  [pyproject]

tests/docker-test-openldap/.dockerignore

@@ -0,0 +1,3 @@
+.git
+.gitignore
+README.md

tests/docker-test-openldap/.gitignore

@@ -0,0 +1 @@
+certs

tests/docker-test-openldap/CHANGELOG.md

@@ -0,0 +1,22 @@
+# Changelog
+
+
+## v2.1 (rroemhild/test-openldap:2.1)
+
+* Re-add PR #14: add_config_admin_pw
+
+
+## v2.0 (rroemhild/test-openldap:2.0)
+
+* Set ports higher than 10000 (10389 / 10636)
+* Set user in dockerfile
+* Use tini to start slapd
+* Use CMD for slapd arguments
+
+
+### Breaking changes
+
+Different port numbers than in the version before
+
+* 380 -> 10389
+* 686 -> 10686

tests/docker-test-openldap/Dockerfile

@@ -0,0 +1,47 @@
+# FROM debian:bookworm-slim
+FROM debian:buster-slim
+
+# Configuration Env Variables with defaults
+ENV DATA_DIR="/opt/openldap/bootstrap/data"
+ENV CONFIG_DIR="/opt/openldap/bootstrap/config"
+ENV LDAP_DOMAIN=planetexpress.com
+ENV LDAP_ORGANISATION="Planet Express, Inc."
+ENV LDAP_BINDDN="cn=admin,dc=planetexpress,dc=com"
+ENV LDAP_SECRET=GoodNewsEveryone
+ENV LDAP_CA_CERT="/etc/ldap/ssl/fullchain.crt"
+ENV LDAP_SSL_KEY="/etc/ldap/ssl/ldap.key"
+ENV LDAP_SSL_CERT="/etc/ldap/ssl/ldap.crt"
+ENV LDAP_FORCE_STARTTLS="false"
+
+# Install slapd and requirements
+RUN apt-get update \
+	&& apt-get dist-upgrade -y \
+    && DEBIAN_FRONTEND=noninteractive apt-get \
+        install -y --no-install-recommends \
+            xz-utils \
+            slapd \
+            ldap-utils \
+            openssl \
+            ca-certificates \
+    && rm -rf /var/lib/apt/lists/* \
+    && mkdir /etc/ldap/ssl /bootstrap
+
+# Add s6-overlay
+# ARG S6_OVERLAY_VERSION=3.2.0.2
+# ADD https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-noarch.tar.xz /tmp
+# RUN tar -C / -Jxpf /tmp/s6-overlay-noarch.tar.xz
+# ADD https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-x86_64.tar.xz /tmp
+# RUN tar -C / -Jxpf /tmp/s6-overlay-x86_64.tar.xz
+ADD https://github.com/just-containers/s6-overlay/releases/download/v2.2.0.1/s6-overlay-amd64-installer /tmp/
+RUN chmod +x /tmp/s6-overlay-amd64-installer && /tmp/s6-overlay-amd64-installer /
+
+# ADD rootfs files
+ADD ./rootfs /
+
+VOLUME ["/etc/ldap/slapd.d", "/etc/ldap/ssl", "/var/lib/ldap", "/run/slapd"]
+
+EXPOSE 10389 10636
+
+CMD ["/init"]
+
+HEALTHCHECK CMD ["ldapsearch", "-H", "ldap://127.0.0.1:10389", "-D", "${LDAP_BINDDN}", "-w", "${LDAP_SECRET}", "-b", "${LDAP_BINDDN}"]

tests/docker-test-openldap/LETSENCRYPT_CERTS.md

@@ -0,0 +1,40 @@
+# LetsEncrypt Certificates for OpenLDAP
+- Use https://github.com/matrix-org/docker-dehydrated#behaviour
+    ```
+    mkdir data
+    echo "ldap.customdomain.com" > data/domains.txt
+
+    # create a docker-compose.yml file
+    version: '2'
+    services:
+      dehydrated:
+        image: docker.io/matrixdotorg/dehydrated
+        restart: unless-stopped
+        volumes:
+          - ./data:/data
+        environment:
+          - DEHYDRATED_GENERATE_CONFIG=yes
+          - DEHYDRATED_CA="https://acme-v02.api.letsencrypt.org/directory"
+          # - DEHYDRATED_CA="https://acme-staging-v02.api.letsencrypt.org/directory"
+          - DEHYDRATED_CHALLENGE="dns-01"
+          - DEHYDRATED_KEYSIZE="4096"
+          - DEHYDRATED_HOOK="/usr/local/bin/lexicon-hook"
+          - DEHYDRATED_RENEW_DAYS="30"
+          - DEHYDRATED_KEY_RENEW="yes"
+          - DEHYDRATED_EMAIL="[email protected]"
+          - DEHYDRATED_ACCEPT_TERMS=yes
+          - PROVIDER=cloudflare
+          - LEXICON_CLOUDFLARE_USERNAME
+          - LEXICON_CLOUDFLARE_TOKEN
+
+
+    #run docker compose
+    docker-compose up
+    ```
+
+# Copy Certificates to correct directory
+```
+cp fullchain-*.pem ldap/fullchain.crt
+cp cert-*.pem ldap/ldap.crt
+cp privkey-1623520297.pem ldap/ldap.key
+```

tests/docker-test-openldap/LICENSE

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2016 Rafael Römhild
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

tests/docker-test-openldap/README.md

@@ -0,0 +1,238 @@
+https://github.com/rroemhild/docker-test-openldap
+
+# OpenLDAP Docker Image for testing
+
+This Docker image provides an OpenLDAP Server for testing LDAP applications, i.e. unit tests. The server is initialized with the example domain `planetexpress.com` with data from the [Futurama Wiki][futuramawikia].
+
+Parts of the image are based on the work from Nick Stenning [docker-slapd][slapd] and Bertrand Gouny [docker-openldap][openldap].
+
+The Flask extension [flask-ldapconn][flaskldapconn] use this image for unit tests.
+
+[slapd]: https://github.com/nickstenning/docker-slapd
+[openldap]: https://github.com/osixia/docker-openldap
+[flaskldapconn]: https://github.com/rroemhild/flask-ldapconn
+[futuramawikia]: http://futurama.wikia.com
+
+
+## Features
+
+* Initialized with data from Futurama
+* Support for LDAP over TLS (STARTTLS) using a self-signed cert, or valid certificates (LetsEncrypt, etc)
+* memberOf overlay support
+* MS-AD style groups support
+* Supports Forced STARTTLS 
+* Supports custom domain and custom directory structure
+
+
+## Usage
+
+```
+docker pull ghcr.io/rroemhild/docker-test-openldap:master
+docker run --rm -p 10389:10389 -p 10636:10636 ghcr.io/rroemhild/docker-test-openldap:master
+```
+
+## Testing
+
+```
+# Enforce StartTLS with self-signed cert
+LDAPTLS_REQCERT=never ldapsearch -H ldap://localhost:10389 -ZZ -x -b "ou=people,dc=planetexpress,dc=com" -D "cn=admin,dc=planetexpress,dc=com" -w GoodNewsEveryone "(objectClass=inetOrgPerson)"
+
+
+# List all Users
+ldapsearch -H ldap://localhost:10389 -x -b "ou=people,dc=planetexpress,dc=com" -D "cn=admin,dc=planetexpress,dc=com" -w GoodNewsEveryone "(objectClass=inetOrgPerson)"
+
+# Request StartTLS
+ldapsearch -H ldap://localhost:10389 -Z -x -b "ou=people,dc=planetexpress,dc=com" -D "cn=admin,dc=planetexpress,dc=com" -w GoodNewsEveryone "(objectClass=inetOrgPerson)"
+
+# Enforce StartTLS
+ldapsearch -H ldap://localhost:10389 -ZZ -x -b "ou=people,dc=planetexpress,dc=com" -D "cn=admin,dc=planetexpress,dc=com" -w GoodNewsEveryone "(objectClass=inetOrgPerson)"
+
+```
+
+## Exposed ports
+
+* 10389 (ldap)
+* 10636 (ldaps)
+
+## Exposed volumes
+
+* /etc/ldap/slapd.d
+* /etc/ldap/ssl
+* /var/lib/ldap
+* /run/slapd
+
+
+## LDAP structure
+
+### dc=planetexpress,dc=com
+
+| Admin            | Secret           |
+| ---------------- | ---------------- |
+| cn=admin,dc=planetexpress,dc=com | GoodNewsEveryone |
+
+### ou=people,dc=planetexpress,dc=com
+
+#### cn=Hubert J. Farnsworth,ou=people,dc=planetexpress,dc=com
+
+| Attribute        | Value            |
+| ---------------- | ---------------- |
+| objectClass      | inetOrgPerson |
+| cn               | Hubert J. Farnsworth |
+| sn               | Farnsworth |
+| description      | Human |
+| displayName      | Professor Farnsworth |
+| employeeType     | Owner |
+| employeeType     | Founder |
+| givenName        | Hubert |
+| jpegPhoto        | JPEG-Photo (630x507 Pixel, 26780 Bytes) |
+| mail             | [email protected] |
+| mail             | [email protected] |
+| ou               | Office Management |
+| title            | Professor |
+| uid              | professor |
+| userPassword     | professor |
+
+
+### cn=Philip J. Fry,ou=people,dc=planetexpress,dc=com
+
+| Attribute        | Value            |
+| ---------------- | ---------------- |
+| objectClass      | inetOrgPerson |
+| cn               | Philip J. Fry |
+| sn               | Fry |
+| description      | Human |
+| displayName      | Fry |
+| employeeType     | Delivery boy |
+| givenName        | Philip |
+| jpegPhoto        | JPEG-Photo (429x350 Pixel, 22132 Bytes) |
+| mail             | [email protected] |
+| ou               | Delivering Crew |
+| uid              | fry |
+| userPassword     | fry |
+
+
+### cn=John A. Zoidberg,ou=people,dc=planetexpress,dc=com
+
+| Attribute        | Value            |
+| ---------------- | ---------------- |
+| objectClass      | inetOrgPerson |
+| cn               | John A. Zoidberg |
+| sn               | Zoidberg |
+| description      | Decapodian |
+| displayName      | Zoidberg |
+| employeeType     | Doctor |
+| givenName        | John |
+| jpegPhoto        | JPEG-Photo (343x280 Pixel, 26438 Bytes) |
+| mail             | [email protected] |
+| ou               | Staff |
+| title            | Ph. D. |
+| uid              | zoidberg |
+| userPassword     | zoidberg |
+
+### cn=Hermes Conrad,ou=people,dc=planetexpress,dc=com
+
+| Attribute        | Value            |
+| ---------------- | ---------------- |
+| objectClass      | inetOrgPerson |
+| cn               | Hermes Conrad |
+| sn               | Conrad |
+| description      | Human |
+| employeeType     | Bureaucrat |
+| employeeType     | Accountant |
+| givenName        | Hermes |
+| mail             | [email protected] |
+| ou               | Office Management |
+| uid              | hermes |
+| userPassword     | hermes |
+
+### cn=Turanga Leela,ou=people,dc=planetexpress,dc=com
+
+| Attribute        | Value            |
+| ---------------- | ---------------- |
+| objectClass      | inetOrgPerson |
+| cn               | Turanga Leela |
+| sn               | Turanga |
+| description      | Mutant |
+| employeeType     | Captain |
+| employeeType     | Pilot |
+| givenName        | Leela |
+| jpegPhoto        | JPEG-Photo (429x350 Pixel, 26526 Bytes) |
+| mail             | [email protected] |
+| ou               | Delivering Crew |
+| uid              | leela |
+| userPassword     | leela |
+
+### cn=Bender Bending Rodríguez,ou=people,dc=planetexpress,dc=com
+
+| Attribute        | Value            |
+| ---------------- | ---------------- |
+| objectClass      | inetOrgPerson |
+| cn               | Bender Bending Rodríguez |
+| sn               | Rodríguez |
+| description      | Robot |
+| employeeType     | Ship's Robot |
+| givenName        | Bender |
+| jpegPhoto        | JPEG-Photo (436x570 Pixel, 26819 Bytes) |
+| mail             | [email protected] |
+| ou               | Delivering Crew |
+| uid              | bender |
+| userPassword     | bender |
+
+### cn=Amy Wong+sn=Kroker,ou=people,dc=planetexpress,dc=com
+
+Amy has a multi-valued DN
+
+| Attribute        | Value            |
+| ---------------- | ---------------- |
+| objectClass      | inetOrgPerson |
+| cn               | Amy Wong |
+| sn               | Kroker |
+| description      | Human |
+| givenName        | Amy |
+| mail             | [email protected] |
+| ou               | Intern |
+| uid              | amy |
+| userPassword     | amy |
+
+### cn=admin_staff,ou=people,dc=planetexpress,dc=com
+
+| Attribute        | Value            |
+| ---------------- | ---------------- |
+| objectClass      | Group |
+| cn               | admin_staff |
+| member           | cn=Hubert J. Farnsworth,ou=people,dc=planetexpress,dc=com |
+| member           | cn=Hermes Conrad,ou=people,dc=planetexpress,dc=com |
+
+### cn=ship_crew,ou=people,dc=planetexpress,dc=com
+
+| Attribute        | Value            |
+| ---------------- | ---------------- |
+| objectClass      | Group |
+| cn               | ship_crew |
+| member           | cn=Turanga Leela,ou=people,dc=planetexpress,dc=com |
+| member           | cn=Philip J. Fry,ou=people,dc=planetexpress,dc=com |
+| member           | cn=Bender Bending Rodríguez,ou=people,dc=planetexpress,dc=com |
+
+
+## JAAS configuration
+
+In case you want to use this OpenLDAP server for testing with a Java-based
+application using JAAS and the `LdapLoginModule`, here's a working configuration
+file you can use to connect.
+
+```
+other {
+  com.sun.security.auth.module.LdapLoginModule REQUIRED
+    userProvider="ldap://localhost:10389/ou=people,dc=planetexpress,dc=com"
+    userFilter="(&(uid={USERNAME})(objectClass=inetOrgPerson))"
+    useSSL=false
+    java.naming.security.principal="cn=admin,dc=planetexpress,dc=com"
+    java.naming.security.credentials="GoodNewsEveryone"
+    debug=true
+    ;
+};
+```
+
+This config uses the admin credentials to connect to the OpenLDAP server and to
+submit the search query for the user that enters their credentials. As username
+the `uid` attribute of each entry is used.